Burp Suite Certified Professional (BSCP) Review + Tips/Tricks [Portswigger]

  • Published: 21 Aug 2024

Comments • 37

  • @JuanBotes
    @JuanBotes 4 months ago +9

    congrats \o/ I see my BSCP github Lab cheatsheet 1: noted in your video description, thanks, glad it came up in your research and glad if it helped breaking down the stages

    • @_CryptoCat
      @_CryptoCat  4 months ago +1

      It was awesome, thanks! I came across some of my own videos/writeups on a cheatsheet while I was revising, might have been yours. Full learning circle, love to see it 😅

    • @nodopamine6243
      @nodopamine6243 12 days ago +1

      Not all heroes wear capes.

  • @user-rn9lq8ut1s
    @user-rn9lq8ut1s 4 months ago +4

    Good timing, bought my Exam Voucher yesterday :D
    Thanks for the insights.

  • @ricp
    @ricp 28 days ago +1

    Awesome review, man!

  • @dimsumbots
    @dimsumbots 3 months ago +1

    Glad to see you’re uploading fairly regularly, I found your binex playlist and man it’s been immensely helpful, keep it up man! You do a great job breaking things down and explaining things.

    • @_CryptoCat
      @_CryptoCat  3 months ago

      Thanks mate! Appreciated 🥰

  • @H4ck3er01
    @H4ck3er01 1 month ago +1

    Thanks for the feedback. You gave me the motivation to pass it.

  • @AmanuelHaileGiyorgis
    @AmanuelHaileGiyorgis 4 months ago +2

    That's one valuable piece of info, mate.
    Thx

  • @ismailmatrix1
    @ismailmatrix1 4 months ago +1

    Thanks for the review. These labs used to load so fast, but now it takes forever to load /my-account, and even times out. Must be the traffic due to this video 😅

    • @_CryptoCat
      @_CryptoCat  4 months ago +1

      Hahaha sometimes they are slow for me as well! The worst is when they crash and you can't restart xD

    • @ismailmatrix1
      @ismailmatrix1 4 months ago +1

      @@_CryptoCat The exam is fast though right? They give you a private network for the exam, through a VPN or otherwise?

    • @_CryptoCat
      @_CryptoCat  4 months ago

      @@ismailmatrix1 There's no VPN, it's a similar setup to the practice exams. I didn't notice any performance issues though, they probably take resource allocation more seriously for the exam.

  • @jozsefszabados1183
    @jozsefszabados1183 4 months ago +1

    Very useful video. Thank you, CryptoCat! 🙏🚩

    • @_CryptoCat
      @_CryptoCat  4 months ago

      Thank you! Glad you liked it 🥰

  • @meowpirates
    @meowpirates 4 months ago +1

    you're my favourite

  • @notknown2117
    @notknown2117 3 months ago +1

    Congrats! I will attempt my first exam soon, but I still struggle with some obfuscation in the practice exams (XSS). I generally feel confident with XSS and XXE, but since I'm really new to the field and don't have much (if any) web development experience, I feel like I'm missing out on some JavaScript and XML built-in functions and syntax that can be used to obfuscate.
    To my question: Was that a big part of your exams? Do you have some resources that might help with that?

    • @_CryptoCat
      @_CryptoCat  3 months ago +1

      Thank you! Best of luck with the exam 🤞 On the obfuscation, portswigger recommend this article for the exam: portswigger.net/web-security/essential-skills/obfuscating-attacks-using-encodings, I'd also recommend reviewing the labs that require obfuscation. I can't say much about the final exam (and both my attempts were different vulns anyway) but the practice exams are a good idea of what to expect - IIRC in those you don't have to deal with obfuscation blindly, e.g. there is some feedback to say something like "attack detected" or you can see some characters/keywords being stripped out, so you know where to focus your obfuscation techniques on, e.g. if there's an indication that some chars are blocked, you could fuzz through the possible chars and make a list of which ones trigger an error and which don't, then try different encodings until you no longer see errors.

  • @Alex-vi6iz
    @Alex-vi6iz 2 months ago +1

    Thanks for the detailed breakdown as usual. If I may, one question.
    Currently working as a network admin and I am looking to get into pentesting. Most people say that it's easier to get into web app pentesting as there is more demand, however should I still pursue network pentesting as it's closer to my background?

    • @_CryptoCat
      @_CryptoCat  2 months ago +1

      Thanks mate! Good question, but one only you can answer. I don't think you'll have a problem finding work in either field, if you are good at what you do. The most skilled people are generally those who are passionate about the subject, so if you feel more interested in web then don't worry if you won't put your networking experience to best use (I say "best", because even if you move to web, the network pentesting experience will be helpful). On the other hand, if you feel more passionate about networking, don't switch to web just because there might be more work/money.
      TLDR; work hard on what you enjoy and the work/money will follow. Besides, many pentesting jobs involve a mix of these topics. One client might request a website pentest, another a network, another a mobile app.. or maybe a combination of all 🙂

    • @Alex-vi6iz
      @Alex-vi6iz 2 months ago +1

      @@_CryptoCat thanks, really appreciate the input

  • @xm4nd0
    @xm4nd0 1 month ago +1

    Hello! Thanks for the detailed review. However, I am still not sure whether to go for CBBH or BSCP first. I know BSCP is much cheaper, but since I need Burp Pro to finish all the Academy labs and for the exam, I think it would be necessary to get a 1-year subscription. Would it still be worth it to go first with BSCP instead of CBBH considering that the prices could be similar for both with the Burp Pro subscription + exam voucher cost?

    • @_CryptoCat
      @_CryptoCat  1 month ago +1

      Hmmmm good question! I haven't done the CBBH exam but I did finish the course. First thing I'll say is they're both good, but very different. Portswigger will teach you everything you need to know about web vulns and exploits, but not much about the methodology of hunting. CBBH will go more into things like scope, recon, reporting etc.
      Personally, I would recommend BSCP first - the labs and material on portswigger are the gold standard IMO, everyone interested in web hacking should complete them. The exam is very fairly priced, but will probably continue to rise as it becomes more established. I know you mention the price of burp but consider you could:
      a) Use burp pro 1 month trial
      b) At least get the benefits of having a year of burp pro, e.g. for bug bounty hunting
      Up to you though, CBBH is also very good!

    • @xm4nd0
      @xm4nd0 1 month ago +1

      @@_CryptoCat Thank you for the quick response. I hadn't considered the benefits of having a Burp Pro subscription for bug bounty, so that's definitely useful. But yeah, like you said, BSCP is still at a fair price and Portswigger is pretty well known, so I think I'm going to take advantage of that. Thanks again for the advice 🙌🏼

    • @_CryptoCat
      @_CryptoCat  1 month ago

      @@xm4nd0 No problem mate, best of luck! 🤞

  • @antoniorossi9995
    @antoniorossi9995 2 months ago +1

    hi ty for ur tutorial, i see that u shared the completion of the challenge cubebreaker on htb, can u help me with some hint? I escaped the box and bypassed the check for coordinates, so now i can move free outside the box, but it seems like that the cube outside don’t have collisions, any help?

    • @_CryptoCat
      @_CryptoCat  2 months ago

      Did you get it solved? You can DM me on discord if needed

  • @nombreapellido3363
    @nombreapellido3363 4 months ago +1

    How many times can you take the exam once you have bought the voucher?

    • @_CryptoCat
      @_CryptoCat  4 months ago

      You get one attempt per exam voucher but I don't think there are any limits on how many times you can take the exam. I read some reports on reddit of people taking the exam ~10 times (it used to be a lot cheaper lol).

  • @user-oy8hr8ln2h
    @user-oy8hr8ln2h 24 days ago +1

    hey .. no one says going with cracked burp version 😁😂